Article Details

Trend Micro fixes critical vulnerabilities in multiple products. Trend Micro has released security updates to address multiple critical-severity remote code execution and authentication bypass vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products. The security vendor underlines that it has seen no evidence of active exploitation in the wild for any of them. However, immediate application of the security updates is recommended to address the risks. Trend Micro Endpoint Encryption PolicyServer is a central management server for Trend Micro Endpoint Encryption (TMEE), providing full disk encryption and removable media encryption for Windows-based endpoints. The product is used in enterprise environments in regulated industries where compliance with data protection standards is critical. With the latest update, Trend Micro addressed the following high-severity and critical flaws: It should be noted that while Trend Micro's security bulletin for Endpoint Encryption PolicyServer lists all four vulnerabilities above as critical, ZDI's advisory asessed CVE-2025-49217 as being a high-severity vulnerability. Additional issues addressed by the latest version of Endpoint Encryption PolicyServer inlcude four more high-severity vulnerabilities (e.g. SQL injection and privileges escalation issues). All of the vulnerabilities were addressed in version 6.0.0.4013 (Patch 1 Update 6). The flaws impact all versions up to the latest, and there are no mitigations or workarounds for them. A second set of problems that Trend Micro addressed impacts Apex Central, a centralized security management console used for monitoring, configuring, and managing multiple Trend Micro products and security agents across an organization. Both issues are critical-severity, pre-authentication remote code execution flaws: The issues were fixed in Patch B7007 for Apex Central 2019 (on premise), while they are automatically applied on backend for Apex Central as a Service. Why IT teams are ditching manual patch management Patching used to mean complex scripts, long hours, and endless fire drills. Not anymore. In this new guide, Tines breaks down how modern IT orgs are leveling up with automation. Patch faster, reduce overhead, and focus on strategic work -- no complex scripts required.